This document specifies an approach that supports the risk-based identification of cybersecurity, certification and assurance requirements to ICT products, processes and services for complex multi-stakeholder sectoral systems.

The sectoral cybersecurity assessment process includes all steps necessary to specify, implement and maintain such requirements.

Process performance or quality measurement are out of the scope of this document.